What do you think about making the the /var/log/fai directory read
only for root and the group adm? IMO this would fix the security
problem.
-
regards Thomas
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
save_log_local() {
...
...
mkdir -p $thislog
cp -a $LOGDIR/* $thislog
+ if [ $verbose -eq 1 ]
+ then
+ grep -v rootpw= $LOGDIR/fai.log $thislog/fai.log
+ fi
ln -snf $HOSTNAME $logbase/localhost
ln -snf $FAI_ACTION-$FAI_RUNDATE $logbase/$HOSTNAME/last-$FAI_ACTION
...
...
}
--
To UNSUBSCRIBE,
I agree that we do not need the hash in the local log files.
I wonder if it's a bug or a feature that we copy the hash (md5 by
default) of the rootpw to the remote location.
This fix may not be complete (depending on bug or feature that it's
copied to remote), since fai-savelog copies from
3 matches
Mail list logo